Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-02-21 CVE-2007-1019 SQL Injection vulnerability in Webspell 4.01.02
SQL injection vulnerability in news.php in webSPELL 4.01.02, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the showonly parameter to index.php, a different vector than CVE-2006-5388.
network
webspell
6.8
2007-02-21 CVE-2007-1012 Cross-Site Scripting vulnerability in Deskpro 1.1.0
Cross-site scripting (XSS) vulnerability in faq.php in DeskPRO 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the article parameter.
network
deskpro CWE-79
4.3
2007-02-21 CVE-2007-1010 Remote File Include vulnerability in Zebrafeeds 1.0
Multiple PHP remote file inclusion vulnerabilities in ZebraFeeds 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the zf_path parameter to (1) aggregator.php and (2) controller.php in newsfeeds/includes/.
network
zebrafeeds
6.8
2007-02-20 CVE-2007-0988 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument.
4.3
2007-02-20 CVE-2007-1004 Unspecified vulnerability in Mozilla Firefox 2.0
Mozilla Firefox might allow remote attackers to conduct spoofing and phishing attacks by writing to an about:blank tab and overlaying the location bar.
network
mozilla
4.3
2007-02-16 CVE-2007-0898 Path Traversal vulnerability in Clam Anti-Virus Clamav
Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a ..
network
low complexity
clam-anti-virus CWE-22
6.4
2007-02-16 CVE-2007-0451 Resource Management Errors vulnerability in Apache Spamassassin
Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage." Upgrade to SpamAssassin version 3.1.8.
network
apache CWE-399
4.3
2007-02-16 CVE-2007-0986 Code Injection vulnerability in Jupiter CMS Jupiter CMS 1.1.5
PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5, when PHP 5.0.0 or later is used, allows remote attackers to execute arbitrary PHP code via an ftp URL in the n parameter.
network
high complexity
jupiter-cms CWE-94
5.1
2007-02-16 CVE-2007-0983 Code Injection vulnerability in Ansatheus AT Contenator
PHP remote file inclusion vulnerability in _admin/nav.php in AT Contenator 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the Root_To_Script parameter.
network
ansatheus CWE-94
6.8
2007-02-16 CVE-2007-0982 Cross-Site Scripting vulnerability in Taskfreak 0.5.5
Cross-site scripting (XSS) vulnerability in error.php in TaskFreak! 0.5.5 allows remote attackers to inject arbitrary web script or HTML via the tznMessage parameter.
network
taskfreak
4.3